fcpa compliance audits: lessons from recent...
TRANSCRIPT
FCPA Compliance Audits:
Lessons From Recent Investigations Monitoring and Improving the Effectiveness of FCPA Compliance Programs
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
WEDNESDAY, DECEMBER 17, 2014
Presenting a live 90-minute webinar with interactive Q&A
Peter Viksnins, Director in the Forensic Services, PricewaterhouseCoopers, Washington, D.C.
Albert A. Vondra, Partner, PricewaterhouseCoopers, Cleveland
David A. Wilson, Partner, Thompson Hine, Washington, D.C.
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-866-570-7602 and enter your PIN when prompted. Otherwise, please
send us a chat or e-mail [email protected] immediately so we can
address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again.
FOR LIVE EVENT ONLY
Continuing Education Credits
For CLE purposes, please let us know how many people are listening at your
location by completing each of the following steps:
• In the chat box, type (1) your company name and (2) the number of
attendees at your location
• Click the SEND button beside the box
If you have purchased Strafford CLE processing services, you must confirm your
participation by completing and submitting an Official Record of Attendance (CLE
Form).
You may obtain your CLE form by going to the program page and selecting the
appropriate form in the PROGRAM MATERIALS box at the top right corner.
If you'd like to purchase CLE credit processing, it is available for a fee. For
additional information about CLE credit processing, go to our website or call us at
1-800-926-7926 ext. 35.
FOR LIVE EVENT ONLY
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the ^ symbol next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
FOR LIVE EVENT ONLY
David A. Wilson Thompson Hine Albert A. Vondra PricewaterhouseCoopers Peter Viksnins PricewaterhouseCoopers, Washington, D.C.
• U.S. Sentencing Guidelines
• DPA/Plea Agreement terms
• US/International/UK Bribery Act Guidance
• Evolving concept of “best practices”
6
§8B2.1. Effective Compliance and Ethics Program
• The organization shall take reasonable steps— ₊ to ensure that the organization’s compliance and ethics program is followed, including
monitoring and auditing to detect criminal conduct;
₊ to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and
• The organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify [program elements] to reduce the risk of criminal conduct identified through this process.
7
"Periodic review and testing of the compliance code, standards and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and [company's] compliance and ethics program, taking into account relevant developments in the field and evolving international and industry standards.“
8
• In addition to discussion of auditor obligations, SEC & DoJ mention internal audits several times in the guidance, including:
• “DOJ and SEC encourage companies engaging in mergers and acquisitions to: … conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable” (page 29)
• “As a company’s risk for FCPA violations increases, that business should consider increasing its compliance procedures, including due diligence and periodic internal audits.” (page 59)
9
“Periodic reviews of the ethics and compliance programmes or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.” OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance
10
MOJ Guidance regarding Adequate Procedures under UKBA • Principle 3: The commercial organisation assesses the nature and extent
of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.
• Principle 6: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.
• Recent SFO guidance on self-reporting: “no guarantee that a prosecution will not follow.”
11
Compliance Program Assessment • Company-wide
• Review of program components
Risk Assessment • Company-wide or site-specific
• Identify corruption risk areas
Compliance/FCPA Audits • Site-specific
• Evaluate site’s compliance with laws and policies
• Transactional testing and interviews
12
Pfizer DPA (August 2012)
• Risk Assessments
+ Risk-based program of annual reviews of high-risk markets based on business and location
+ Five markets identified and reviewed annually
13
Each FCPA Audit shall include: • On-site visits by a team from Compliance and, when appropriate, Legal
and qualified auditors who have received FCPA and anticorruption training.
• Review representative sample of contracts, payments to government officials, healthcare providers and other high-risk transactions.
• Creation of action plans resulting from issues identified during audits with undertakings designed to enhance anticorruption compliance, repair process weaknesses, and deter violations.
• Where appropriate, feasible, and permissible under local law, review of the books and records of distributors
14
Pfizer DPA (August 2012) ($15MM Criminal Penalties, $45.2 in disgorgement and interest)
• Nine-point compliance program mandated, requiring: ₊ corporate policy against violations;
₊ application to all employees and outside parties acting on company’s behalf;
₊ appointment of responsible executives who report to Board
₊ training and certifications
₊ reporting system for violations
₊ disciplinary procedures;
₊ due diligence on agents and business partners;
₊ standard contract provisions;
₊ periodic testing of code, standards and procedures
15
• Bio-Rad NPA ($14M DOJ Fine; $41M to SEC for disgorgement and interest) – commission payments to intermediary companies (Russia) – November 2014
• HP Entities DPA & NPA ($108M to SEC and DOJ) (Mexico, Russia, Poland) – April 2014
• ADM NPA ($54M to SEC and DOJ) (Ukraine, Venezuela) – December 2013
• Weatherford International and subsidiaries DPA and Equity pleas ($252M for FCPA, export control violations) (Africa, Middle East) – November 2013
16
• In a recent SEC settlement, the regulators alleged that a company “…failed to audit and compare the distributor's margin against the end user price to ensure excess margins were not being built into the pricing structure…” and “failed to seek transparency in or audit third party payments made by distributors…”
• This case was also the first time the SEC made an FCPA Books & Records and Internal Controls charge without an attendant allegation of bribery, for “creating the potential for bribery or embezzlement.”
17
• Detect and deter violations
• Reassess risk profile
• Test compliance program effectiveness
• Satisfy government expectations
₊ Involvement of senior management
18
• A risk-based process that can be consistently and systematically applied to operations across the globe
• Appropriate depth and scope in light of resources and risks
• Cost-effective and non-disruptive to business
• Preserve privilege where appropriate
19
I. Why conduct an anti-corruption risk assessment?
II. Measuring risk factors
III. Scope of an FCPA audit
IV. Operations compliance assessment
V. FCPA Compliance – Course of action for companies
VI. Questions and answers
Note: Must overcome “head in the sand” syndrome. See Bio-Rad.
Increased danger from whistleblower potential.
20
Downside of forgoing risk assessment • Fines and Penalties
• Reputational risk
• Shareholder litigation
• Corollary prosecution
• Wasting resources on low-risk areas/focusing on the wrong areas
21
Upside of performing a risk assessment • Cost effective program
• Business partner competitive advantage
• UK Bribery Act Adequate Procedures Defense
• Insurance claims
• Industry’s Compliance Problems
• Company’s Compliance History, Audit Findings
• Senior Management – involvement and commitment
• Nature and locations of business/transactions
• Use of third parties, vendors, suppliers
• Documentation and support – books and records
• Business with government entities
22
23
GEOGRAPHY Operating locations and export destinations 2014 Transparency International Corruption Perception Index: Scores countries 1-100 scale, with 100 representing least perception of corruption and 1 being highest perception of corruption.
Other notables: Brazil – 43 India – 38 China – 36 Russia – 27 World Bank’s World Wide Governance Index: Measures regulatory quality, control of corruption, political stability, and absence of violence.
24
Top Five Score Bottom Five Score
Denmark 92 Iraq 16
New Zealand 91 South Sudan 15
Finland 89 Afghanistan 12
Sweden 87 Sudan 11
Norway 86 North Korea 8
Switzerland 86 Somalia 8
25
26
• Contacts with Government, for example ₊ Customs
₊ Immigration
₊ Tax Authorities
₊ Litigation
₊ Customers
₊ Regulators
• Industry-specific risks
• Channels to market: third parties
27
• Compliance - policies and procedures
• Third party agreements and payments
• Payments to foreign officials
• Charitable contributions/donations
• Payments - gifts, T&E, hospitality, facilitation
• Sponsorships
• Opening and maintenance of bank accounts
• Cash – petty cash/advances
• Import and export
28
• Finance and Accounting
—Discussions to be held with, but not limited to, Accounting Manager
—Analyze Chart of Accounts for other high risk accounts; and where high risk transaction could be recorded
—Analyze Local Policies and Procedures
—Payment testing
• Gifts and Hospitality
—Discussions to be held with, but not limited to, Accounting Manager
—Analyze Chart of Accounts
—Gifts
—Gratuities
—Entertainment
—Analyze Local Policies and Procedures
—Payment testing
29
• Expense Reports
+ Obtain policies regarding employee expense reimbursement
+ Determine whether reimbursements are made to non-employees
– Obtain explanation and purpose
+ Select representative reports for individuals including but not limited to
– Director, managers, sales representatives
– Examine approval and documentation for reimbursements
– Assess adequacy of documentation
– Assess validity of business purpose
– Assess compliance with expense reimbursement policies
– Identify employee reimbursements where a government official was present
+ Identify travel or other expenses paid to vendors, representatives or agents on behalf of a government official
30
• Tenders and Contracts
+ Meetings should be held with, but not limited to, head of sales and/or operations manager.
+ Obtain an understanding of company’s revenues stream
– Main customers
– Government (direct or indirect sales)
– Contracts
+ Anything of value provided
+ Tender process
– Responsibility and involvement in participation
+ Assess policies and procedures related to discounts, rebates, allowances, and commissions, and how they are recorded.
+ Contract testing
+ Payment testing
31
• Third Parties
+ Discussions should be held with personnel dealing with distributors /sales agents and others used as channels to government customers (third parties).
+ Obtain and analyze a third party listing
+ Obtain an understanding of policies related to payments to third parties
+ Is due diligence performed by Company prior to retaining third parties
– Are there periodic updates and knowledge of dealings?
+ Are there any “above average” commissions or discounts?
+ Approval process for certain third party activities.
+ Right to audit? Is it exercised?
+ Does Third Party makes disbursements on behalf of the Company? How are they reimbursed
+ Contract testing
+ Payment testing
32
• Assignment of a corporate official to oversee compliance with policies, standards, and procedures regarding anticorruption laws. Reports directly to AC and BOD.
• Issuing clear company policies (in each jurisdiction) on what constitutes unacceptable behavior and enforcing the prescribed consequences.
• Installation of a mechanism which is accessible and provides anonymity to report concerns.
• Performing frequent risk assessments/field tests/audits to determine whether employees understand company policies and testing the adequacy of existing programs and controls.
• Streamlining and integrating payment systems to easily see where, why, and how much money is being spent.
• Regularly testing payment systems and controls to gain transparency into high risk expenditures.
• Thoroughly and regularly training employees to address the enforcement of international anticorruption standards. Implementation of annual certification process for senior management.
• Routinely conducting due diligence on third parties, such as agents, sales consultants, distributors, and vendors.
• Completion of due diligence by legal, accounting and compliance prior to acquisition.
33
• Scope
• Resources
• Control
• Costs
• Access to Information
• Handling the results
• Collateral consequences
34
• Tailoring scope
• Board and senior management involvement to define scope and allocate resources (internal and external)
• Business segments; foreign subsidiaries; JVs; third parties
• Defining audit period
+ scale, resources, time to completion
35
• Many levels of audit depending on risks, audit history
• Tailor to company’s circumstances
• Define clearly up front; refine if warranted
• Draft plan before starting with goals, scope, processes, responsibilities and categories of tasks defined
• Build in accountability and reporting
36
• Disruption to business
• Costs
• Internal personnel
• External consultants, lawyers
37
• Outside auditors
• Internal audit
• Resource constraints?
• Consultants
• Counsel
• Outside lawyers have expertise but are costly
• In-house lawyers know the company but their objectivity can be questioned
• What, if any, privilege can be maintained
38
• Board/Audit Committee
• Internal audit/Compliance
• In-house counsel
• Critical component of cost-effectiveness
39
• Develop budget with input from all participants
• Break down tasks and align responsibilities with expertise
• Combine audit with training to minimize travel
• Stick to audit plan unless explicitly revised
• Reporting and accountability
40
• Local laws on privacy
• Interviews
• Email collection
• Uncooperative or reluctant employees
• Third parties
• Availability of information on agents, business partners
• Language barriers
41
• Consult local counsel on privacy issues
• Communicate goals of audit to employees
• Invoke contractual rights with third parties or revise contracts
• Must be even-handed
42
• Critical for effectiveness and credit
• Disciplinary action
• Changes in business partners
• Training
• Process changes
• Preserve information
• Reporting out
• To board/audit committee
• To government authorities (based on advice of counsel)
• Value of self-disclosure, remediation
43
• Plan for corrective action as part of audit
• Regular reporting up when issues arise
44
• Swift action is key
• Heightens need for frequent audits
• Whistleblower dangers
₊ Incentive to report before company does
• Must show company takes compliance seriously
45
• Government investigations
• Shareholder and derivative litigation
• Disgorgement and penalties
• Attorney’s fees
• Reputational damage
46
David A. Wilson Thompson Hine, Washington, D.C. 202.263.4161 [email protected] Albert A. Vondra PricewaterhouseCoopers, Washington, D.C./Cleveland 703.918.1534/216.363.5812 [email protected] Peter Viksnins PricewaterhouseCoopers, Washington, D.C. 703.918.1514 [email protected]
47